UK data shows 43% of businesses identified a cyber breach/attack in the last 12 months (≈612k firms), with phishing dominant and an average cost of £3,550 for businesses and £8,690 for charities for the most disruptive incident. Cyber security sits with the board, per the NCSC’s 10 Steps and its Toolkit for Boards
Choosing the right connectivity involves weighing performance, resilience, and cost. In the UK, gigabit-capable networks are increasingly accessible, with 87% of homes covered. Full-fibre availability is at 78%, impacting speed and pricing for SMEs. Ofcom’s guidelines emphasize service level agreements (SLAs) on speed and repair times, urging clarity for consumers. Businesses should evaluate FTTP for lower costs and variable speeds, whereas leased lines offer consistent performance for critical applications, albeit at higher costs. Understanding connectivity options is crucial for effective decision-making.
Clear QoS rules help maintain predictable voice and video performance in environments with competing bandwidth demands. Employing techniques such as DSCP marking, WMM, and WAN queueing can prioritize real-time traffic effectively. The guidelines outline steps for marking at the source, preserving DSCP, shaping traffic, isolating guest Wi-Fi, and monitoring performance, ensuring optimized network conditions for communication applications.
A practical, vendor‑neutral baseline for UK SMEs: VLANs and zones, firewall segmentation, guest Wi‑Fi isolation, and DoS preparedness—grounded in NCSC’s 10 Steps and UK B5 Resilient Networks.
Understand RPO/RTO for UK SMEs, set realistic continuity targets, choose test frequencies and define a “minimum viable continuity” plan that protects critical operations without over‑engineering.
This checklist assists UK SMEs in validating backup and disaster recovery setups to ensure effective data recovery. It outlines practical tests to confirm the restoration of critical data within acceptable timeframes. The guidance spans micro to medium-sized businesses, aligning with best practices for backups and ransomware resilience, emphasizing the importance of regular testing and proper separation from live systems.
Introduction — what an audit does (and doesn’t) An independent IT audit gives your organisation a clear, vendor‑neutral view of what you run today, where the risks and inefficiencies really are, and a prioritised plan you can act on without adding complexity.It doesn’t try to sell tools, force a one‑size‑fits‑all checklist, or drown decision‑makers in … Read more
A national boiler‑maintenance company in France had acquired 40+ independent firms. The country CEO (non‑technical) needed control over fast‑growing servers, networks, providers and services—serving ~300 concurrent users out of 1,200 employees, including field technicians. I was hired to take end‑to‑end responsibility for IT coordination and integration, excluding budget ownership and group reporting. I coordinated vendors, unified systems, migrated data, maintained operations, recruited a Level‑1 technician and supervised his monitoring project. Outcome: a unified, governable IT landscape, smooth migrations with operational continuity, and a platform ready for the parent group’s later datacentre move.
Many SMEs (solicitors, real‑estate, creative studios, factories) need ongoing IT oversight yet do not justify a full‑time internal role. A delegated IT cadence delivers quiet reliability: routine monitoring (backups, logs, core health), minor ticket handling, and pragmatic advisory for projects (office moves, upgrades, new software). The result: fewer disruptions, peace of mind for management, and access to senior competence without permanent staffing.
A Swiss design and architecture school — administratively attached to a French group — needed a structured migration and harmonisation into the group’s environment. This was not a crisis, nor a hardware refresh. It was competence‑led: assessment, standardisation, VPN integration, centralised apps (TSE/Citrix), and secure, accountable printing—delivered with no hardware sales. The cutover was smooth; users (faculty, students, admin) experienced a consistent workspace and management gained visibility without disruption.
